52443cb60c
IPE's initial goal is to control both execution and the loading of kernel modules based on the system's definition of trust. It accomplishes this by plugging into the security hooks for bprm_check_security, file_mprotect, mmap_file, kernel_load_data, and kernel_read_data. Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com> Signed-off-by: Fan Wu <wufan@linux.microsoft.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
/* SPDX-License-Identifier: GPL-2.0 */
/*
* Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
*/
#ifndef _IPE_EVAL_H
#define _IPE_EVAL_H
#include <linux/file.h>
#include <linux/types.h>
#include "policy.h"
/*
 * Zero-initialised evaluation context (every member zero, so @file is NULL).
 * Intended as the starting value of a struct ipe_eval_ctx before
 * ipe_build_eval_ctx() fills it in, so no field is ever read uninitialised.
 */
#define IPE_EVAL_CTX_INIT ((struct ipe_eval_ctx){ 0 })

/*
 * The policy currently being enforced. The __rcu annotation means the
 * pointer is published and read under RCU: readers must go through the RCU
 * accessors rather than dereferencing it directly, and the policy object
 * they obtain is only valid for the duration of the read-side critical
 * section.
 */
extern struct ipe_policy __rcu *ipe_active_policy;
/**
 * struct ipe_eval_ctx - Everything IPE needs to decide a single access.
 * @op: The operation being evaluated. The enum is not defined in this
 *      header; presumably it lives in policy.h, which is included above.
 * @file: The file the operation concerns. Held const: evaluation only
 *        inspects the file, it never modifies it.
 *
 * Built by ipe_build_eval_ctx() and consumed, read-only, by
 * ipe_evaluate_event(). Start from IPE_EVAL_CTX_INIT so that neither
 * member is left uninitialised.
 */
struct ipe_eval_ctx {
enum ipe_op_type op;
const struct file *file;
};
/**
 * ipe_build_eval_ctx() - Populate an evaluation context.
 * @ctx: Context to fill in; the only parameter that is written.
 * @file: File the operation concerns, stored into @ctx->file.
 * @op: Operation being evaluated, stored into @ctx->op.
 *
 * Cannot fail. Whether @file may be NULL is not visible from this header;
 * confirm against eval.c before relying on it.
 */
void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx,
const struct file *file,
enum ipe_op_type op);

/**
 * ipe_evaluate_event() - Decide whether the access described by @ctx is allowed.
 * @ctx: Fully built evaluation context. Both the pointer and the pointee are
 *       const: evaluation must not mutate the context.
 *
 * Return: 0 when the access is permitted; otherwise an error value, which is
 * presumably a negative errno in line with the LSM hook contract - verify
 * against eval.c.
 */
int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx);
#endif /* _IPE_EVAL_H */